Lost or Stolen Debit Card?

Lost or Stolen Credit Card?

Customer Protection and Security

Summit State Bank is committed to protecting you from identity theft, phishing scams and fraud.

Summit State Bank employees will never call or email you to request any account information such as account numbers, user names or passwords.

SECURITY ALERTS

Ransomware Vulnerability

On October 22, 2014, the United States Department of Home Land Security, in collaboration with Canadian Cyber Incident Response Centre, issued an alert regarding malicious software (malware) known as Ransomware. Ransomware infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the user’s computer has been locked or that all of their files have been encrypted and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars and is sometimes demanded in virtual currency, such as Bitcoin.

There have been reports of individuals and businesses in Sonoma County whose computers have been infected by this malware with ransom demands over $500. Click here to read the full report.

Bash Bug Vulnerability

On September 26, 2014, security experts announced the discovery of the “Bash Bug”, also known as Shellshock, a commonly used piece of system software that has been in use since 1989. Bash, a command shell, is used on a variety of Unix-based systems, including Linux and Mac OS X. Experts feel that the “Bash Bug” is more of a nuisance than a potential threat.

Summit State Bank is already in the process of evaluating and applying fixes to any systems that may be impacted by this bug. We recommend that you evaluate your personal systems as well, and apply any patches as recommended by manufacturers. The most common systems to review are MAC computers, Android phones and tablets, and firmware for your Internet router and/or WiFi device. Generally, patches and instructions can be found by going to the manufacturer's website.

It may take manufacturers several days or weeks to develop and release a fix, so continue to check their websites over the next few weeks, if they have not yet released a fix. If your equipment is more than three years old, you may choose to purchase an updated system, as manufacturers often discontinue support for outdated software and systems, leaving your device vulnerable.

Home Depot

On September 2, 2014, Home Depot, the world’s largest home improvement retailer, announced that criminals used custom-build malware in an attempt to obtain customer information. Between April and September, approximately 56 million unique payment cards were at risk. Equipment that was suspected of having malware was taken out of service and security enhancements were put into place.

On September 18, 2014, Home Depot confirmed that the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment date to all U.S. stores. Home Depot is offering free identity protection services, including credit monitoring. Access to these services are through their website, www.homedepot.com.

Internet Explorer Bug - April 2014

On April 26, 2014, Microsoft announced a software defect in all versions of Internet Explorer that could potentially allow an attacker to gain control of a machine running Internet Explorer. Microsoft released a patch for this vulnerability on May 1. This patch (KB2964358) can be downloaded through Windows Update. We recommend that you not use Internet Explorer for any purpose until you install this update.

Heartbleed Vulnerability

On April 7, 2014, security researchers announced the discovery of a critical vulnerability in OpenSSL called "Heartbleed." OpenSSL is common web encryption software that is used widely across the Internet. When certain versions of OpenSSL are in use, this vulnerability makes it possible for hackers to access information that is transmitted to/from a computer, even though the information is encrypted.

Summit State Bank is happy to report that SummitOnline (online banking) was not impacted by this vulnerability. This includes mobile banking, mobile deposit, bill pay, and all other systems that are associated with online banking. None of these systems were impacted.

If any other online systems that you use have been impacted by the Heartbleed vulnerability, and you use the same password as your SummitOnline password, then you should change both passwords immediately. As a security best practice, we recommend that your SummitOnline password be unique to this system only.